[Openswan Users] Random connection error (timeout) for clients

Lionel Bernhardt lionel.bernhardt at eurocash.eu
Tue Nov 13 03:36:11 EST 2012


Hello,

I am experiencing a weird problem with my server.

Randomly, some users (PCs with 3G internet access) get a timeout error
when trying to connect to the server. The connection problem can sometimes
be solved with a PC reboot, but not always.

The strange thing is that while he's trying to connect, I can separately
connect with my 3G phone connection without any trouble.

This problem occurs randomly, but most often during the daytime.

I didn't experience it with my ADSL internet connection from home.

The only thing I noted in /var/log/auth.log is:

Nov 12 15:48:46 vpn pluto[1292]: packet from 80.214.9.52:3241: received and ignored informational message
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [FRAGMENTATION]
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 12 15:50:18 vpn pluto[1292]: packet from 80.214.1.57:15211: ignoring Vendor ID payload [Vid-Initial-Contact]
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: responding to Main Mode from unknown peer 80.214.1.57
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 12 15:50:18 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: Main mode peer ID is ID_FQDN: '@eurocash-67caee'
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[575] 80.214.1.57 #1028: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT"
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: deleting connection "L2TP-PSK-NAT" instance with peer 80.214.1.57 {isakmp=#0/ipsec=#0}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: new NAT mapping for #1028, was 80.214.1.57:15211, now 80.214.1.57:38379
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: peer client type is FQDN
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: Applying workaround for MS-818043 NAT-T bug
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: IDci was FQDN: \303\006\214+, using NAT_OA=10.211.63.77/32 0 as IDci
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: the peer proposed: xxx.xxx.xxx.xxx/32:17/1701 -> 10.211.63.77/32:17/0
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: responding to Quick Mode proposal {msgid:6de05eb8}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: us: xxx.xxx.xxx.xxx<xxx.xxx.xxx.xxx>[+S=C]:17/1701
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: them: 80.214.1.57[@eurocash-67caee,+S=C]:17/1701===10.211.63.77/32
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 1701 don't match. Using that_client port.
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c <0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379 DPD=none}
Nov 12 15:50:21 vpn pluto[1292]: initiate on demand from xxx.xxx.xxx.xxx:1701 to 80.214.1.57:1701 proto=17 state: fos_start because: acquire
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: ERROR: netlink XFRM_MSG_DELPOLICY response for flow eroute_connection delete included errno 2: No such file or directory
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received and ignored informational message
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA payload: deleting ISAKMP State #1028
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57: deleting connection "L2TP-PSK-NAT" instance with peer 80.214.1.57 {isakmp=#0/ipsec=#0}

How can I solve this one?

Thanks for your valuable help.

lionel
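
An added example, not part of the original post: a small Python filter for pluto lines in auth.log that lists peers whose IPsec SA was established and then deleted by the peer a short time later, the sequence visible for state #1029 in the log above. The function name `short_lived_sas`, the 60-second threshold and the `year` parameter (syslog timestamps carry no year) are assumptions of this example; the sample lines are taken from the post and unwrapped.

```python
import re
from datetime import datetime

# Four lines from the log in the post, unwrapped to one entry per line.
SAMPLE = """\
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 12 15:50:19 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1029: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xb714c51c <0xb93bea89 xfrm=3DES_0-HMAC_MD5 NATOA=10.211.63.77 NATD=80.214.1.57:38379 DPD=none}
Nov 12 15:50:54 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA(0xb714c51c) payload: deleting IPSEC State #1029
Nov 12 15:50:55 vpn pluto[1292]: "L2TP-PSK-NAT"[576] 80.214.1.57 #1028: received Delete SA payload: deleting ISAKMP State #1028
"""

# timestamp, host, pluto[pid], "connection"[instance], peer address, #state, message
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
    r'"([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
# Peer-initiated deletion of an IPsec (phase 2) SA; captures the state number.
DELETED = re.compile(
    r'received Delete SA\(0x[0-9a-f]+\) payload: deleting IPSEC State #(\d+)')


def short_lived_sas(log_text, threshold_s=60, year=2012):
    """Return IPsec SAs that the peer deleted within threshold_s of setup."""
    established = {}  # (peer, state number) -> time the IPsec SA came up
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-connection pluto line
        ts, conn, peer, state, msg = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        if "IPsec SA established" in msg:
            established[(peer, state)] = when
            continue
        d = DELETED.search(msg)
        if d and (peer, d.group(1)) in established:
            started = established.pop((peer, d.group(1)))
            life = int((when - started).total_seconds())
            if life <= threshold_s:
                findings.append({"peer": peer, "conn": conn,
                                 "state": int(d.group(1)), "lifetime_s": life})
    return findings


if __name__ == "__main__":
    for f in short_lived_sas(SAMPLE):
        print(f)
```

Run against the full auth.log, this shows which peers hit the pattern and at what times, which can be compared with the users' timeout reports.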

 
